Description
Manages shadow credentials on an AD object for PKINIT-based authentication.
Overview
Manages shadow credentials by manipulating the msDS-KeyCredentialLink attribute on an Active Directory object. This allows adding a certificate-based credential that can be used with PKINIT for authentication without knowing the account’s password. Supports add, list, and remove actions.
Arguments
| Parameter | Type | Description |
|---|---|---|
| Target | string | The target AD object (user or computer). |
| Action | string | The action to perform: add, list, or remove. |
| DeviceId | string | The device ID to remove (required for remove action). |
| Domain | string | The target domain. |
| DC | string | The domain controller to target. |
Additional Parameters
- CredUser: Alternate credentials username.
- CredPassword: Alternate credentials password.
Dependencies
- AD
Operating Systems
- Windows